Commvault has expanded its integration with Microsoft to connect AI-driven threat detection, investigation, and trusted recovery using Microsoft Sentinel, Microsoft Security Copilot, and the Commvault Cloud platform.
This announcement is particularly relevant for enterprises across the UAE and Saudi Arabia, where the cyber threat landscape is intensifying rapidly. Ransomware affiliates targeting GCC countries have increased underground recruitment efforts by 44%, reinforcing the urgency of integrated and automated cyber resilience strategies. At the same time, regulatory frameworks across both markets are evolving rapidly to mandate stronger resilience postures.
In the UAE, the National Cyber Security Strategy (2025–2031) marks a decisive shift from voluntary compliance to mandated resilience, requiring organizations to demonstrate end-to-end capabilities spanning detection, response, and recovery. Similarly, Saudi Arabia’s National Cybersecurity Authority, through Essential Cybersecurity Controls (ECC-2:2024), now requires government entities and critical national infrastructure operators to implement robust incident response and business continuity practices. Together, these developments reflect a broader regional investment in operational cyber resilience and sovereign security readiness, where organizations must not only defend against threats but also prove their ability to recover rapidly and securely.
Against this backdrop, the Commvault and Microsoft integration enables closer alignment between security and recovery teams through coordinated workflows. Security alerts from Commvault Cloud are ingested into Microsoft Sentinel data lake where security operations center (SOC) analysts can enrich these incidents with partner intelligence to access impact and validate scope. In the coming quarters, these insights can drive automated, policy-based recovery workflows to accelerate and orchestrate clean recovery at speed.
As part of this announcement, Commvault is introducing two integrated capabilities that directly bridge the gap between threat detection and trusted recovery. The first is a modernized Microsoft Sentinel Connector, which streams alerts and signals generated from Commvault Cloud Threat Scan and Risk Analysis. It includes malware detections, backup anomalies, and sensitive data exposure into Microsoft Sentinel in real time. This enables security teams to correlate backup-layer intelligence with broader threat signals, improving early detection of ransomware patterns while seamlessly integrating into existing SOC workflows without added complexity.
The second capability is Commvault’s Investigation Agent within Microsoft Security Copilot, purpose-built for cyber recovery investigations. The agent autonomously analyzes suspicious activity and draws on Commvault’s recovery-layer intelligence to determine the full scope of an incident, including impacted hosts, anomalous encryption patterns, and validated restore points. By correlating these insights with broader Microsoft security signals, the solution eliminates manual intervention, accelerates decision-making, and significantly lowers mean time to clean recovery (MTCR). For organizations operating under UAE and Saudi regulatory frameworks, this capability also enhances audit readiness and supports compliance reporting requirements.
“This isn’t just an integration – it’s a blueprint for the future of agentic ResOps,” said Michelle Graff, SVP, Global Channels and Partnerships at Commvault. “As attacks continue to evolve, siloed approaches don’t work. Seconds matter. By uniting and automating critical workflows, Commvault and Microsoft are ushering in a modern approach that can diminish the time between detection and recovery, advance the collaboration between IT and security teams, and keep enterprises running in a state of continuous resiliency.”
“In today’s threat landscape, the need to connect AI-enabled intelligence with automated recovery has never been greater,” said Krishna Kumar Parthasarathy, CVP Sentinel Platform, Microsoft Security. “The combination of Microsoft’s Security Copilot, Microsoft Sentinel, and Commvault’s Threat Scan and Risk Analysis gives enterprises access to a unified approach that can transform ResOps.”
